You can create an unlimited number of vaults. By default, all files in a vault are shared with the group of people who have access to it. Each file is symmetrically encrypted using AES-256.
Each file key is encrypted with the vault's master RSA 4096 private key, and then stored alongside the encrypted file content. We also store the vault's RSA public key, but never the private key.
Syncrypt will not only encrypt the file contents, but will also protect the following things from anyone who doesn't have the vault key:
In addition to the vault keypair, each user and each client has their own RSA keypair, of which we also store the public key.
When a new user or a new machine of an existing user is added to a vault, the vault's RSA private key is shared by sending it encrypted with the user's RSA public key.
Existing users must actively accept a new user or machine into the vault by comparing the fingerprint. Only after this verification is the vault key transmitted.
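The approval step described above, sketched as an added example (not Syncrypt's own code): an existing member releases the vault key only when the fingerprint of the relayed public key matches the one confirmed with the new user directly. The SHA-256 fingerprint format, the `JoinRequest` and `approve` names, and the key bytes are assumptions constructed for illustration.

```python
import hashlib

def fingerprint(public_key_bytes: bytes) -> str:
    """SHA-256 of the encoded public key as colon-separated hex pairs (assumed format)."""
    digest = hashlib.sha256(public_key_bytes).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def _hex_only(fp: str) -> str:
    # People retype or read fingerprints aloud: ignore case, colons, spaces, dashes.
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

class JoinRequest:
    """Hypothetical pending request, as relayed to an existing vault member."""
    def __init__(self, user: str, public_key_bytes: bytes):
        self.user = user
        self.public_key_bytes = public_key_bytes

def approve(request: JoinRequest, fingerprint_from_new_device: str) -> bytes:
    """Return the public key the vault key may be encrypted to, or refuse.

    fingerprint_from_new_device must come from the new user directly
    (in person, by phone), not from the channel that relayed the request.
    """
    relayed = _hex_only(fingerprint(request.public_key_bytes))
    confirmed = _hex_only(fingerprint_from_new_device)
    # Require the full digest: a matching prefix is not a verification.
    if len(confirmed) != len(relayed) or confirmed != relayed:
        raise PermissionError(f"fingerprint mismatch for {request.user}; vault key not sent")
    return request.public_key_bytes

# Constructed sample data: stand-ins for encoded RSA public keys.
NEW_DEVICE_KEY = b"constructed-public-key-of-the-new-device"
SUBSTITUTED_KEY = b"constructed-public-key-swapped-in-by-the-relay"

def demo() -> dict:
    shown_on_new_device = fingerprint(NEW_DEVICE_KEY).upper().replace(":", " ")
    results = {}
    for label, relayed_key in (("honest", NEW_DEVICE_KEY), ("substituted", SUBSTITUTED_KEY)):
        try:
            approve(JoinRequest("alice-laptop", relayed_key), shown_on_new_device)
            results[label] = "vault key may be sent"
        except PermissionError:
            results[label] = "refused"
    return results

if __name__ == "__main__":
    print(demo())
```

The check only helps if the confirmed fingerprint travels over a different channel than the request itself; a fingerprint read from the same relay proves nothing about a substituted key.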
As real security cannot be achieved through obscurity, we have decided to release our client as Open Source software.
This enables independent security audits while giving the user the level of transparency that is required for a secure platform in 2018.
The client will be cross-platform (Mac OSX, Linux, Windows) and available in GUI and CLI flavors.